Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/psikfGn6FpQqhh0DSl5jsvwmwiU.roa
File:                     psikfGn6FpQqhh0DSl5jsvwmwiU.roa (raw, json)
Hash identifier:          cPs/n9SJJJcAsyUWs++t4L7KylflYtT7QnrTpSDlQIQ=
Subject key identifier:   A6:C8:A4:7C:69:FA:16:94:2A:86:1D:03:4A:5E:63:B2:FC:26:C2:25
Certificate issuer:       /CN=c143204e97ad79ad6a1f0940ef41b16f207b489d
Certificate serial:       0199806405E0F439050A879A41E1B00F65E0
Authority key identifier: C1:43:20:4E:97:AD:79:AD:6A:1F:09:40:EF:41:B1:6F:20:7B:48:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wUMgTpetea1qHwlA70GxbyB7SJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/psikfGn6FpQqhh0DSl5jsvwmwiU.roa
Signing time:             Thu 25 Sep 2025 10:21:02 +0000
ROA not before:           Thu 25 Sep 2025 10:21:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44985
IP address blocks:        185.15.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/wUMgTpetea1qHwlA70GxbyB7SJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/wUMgTpetea1qHwlA70GxbyB7SJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wUMgTpetea1qHwlA70GxbyB7SJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:64:05:e0:f4:39:05:0a:87:9a:41:e1:b0:0f:65:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c143204e97ad79ad6a1f0940ef41b16f207b489d
        Validity
            Not Before: Sep 25 10:21:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6c8a47c69fa16942a861d034a5e63b2fc26c225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7f:d2:62:74:db:ad:08:6f:fc:3a:66:eb:b1:
                    3e:e9:68:ce:ca:93:6c:10:5c:3b:00:07:67:0a:f3:
                    05:d7:7b:e3:b9:b8:77:a7:11:88:7d:57:d5:54:3d:
                    2b:cb:33:e0:3b:41:50:38:02:55:9e:b5:54:21:17:
                    04:bf:46:a2:70:fe:ac:d6:7c:1f:ed:e2:c2:c4:5b:
                    af:1e:e2:76:1c:95:cf:7d:29:83:46:e4:83:19:f3:
                    26:5a:d9:a0:2d:ff:cf:69:58:a3:eb:62:97:b1:22:
                    a2:77:0d:6e:ea:bc:7c:35:bc:68:91:cc:ca:ba:a5:
                    82:f2:95:8f:8e:ec:08:35:dd:97:f7:f0:0d:e4:2e:
                    cb:45:79:87:80:ee:77:d7:a0:7e:56:1b:e4:bd:b3:
                    10:09:8c:d7:f9:10:3a:f4:bb:3f:04:a3:e4:43:d0:
                    5f:ca:47:47:0b:bf:6f:ea:14:0f:d0:6b:31:dc:c2:
                    6b:66:6a:ec:34:61:c3:1e:b7:21:a2:80:6b:9a:67:
                    82:40:70:d2:e2:f9:a3:d4:36:85:94:67:bf:29:83:
                    6e:04:ea:99:d0:e5:6d:5b:bf:32:ba:20:0b:0d:f0:
                    5b:19:7f:3d:a2:05:9d:ff:3b:83:d6:4a:38:1a:14:
                    22:3c:00:a8:7d:cb:ec:0d:e9:bb:8a:95:fb:3a:96:
                    88:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C8:A4:7C:69:FA:16:94:2A:86:1D:03:4A:5E:63:B2:FC:26:C2:25
            X509v3 Authority Key Identifier:
                keyid:C1:43:20:4E:97:AD:79:AD:6A:1F:09:40:EF:41:B1:6F:20:7B:48:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wUMgTpetea1qHwlA70GxbyB7SJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/psikfGn6FpQqhh0DSl5jsvwmwiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b0144e-9f30-4f9f-a87f-d29a5d918fd8/1/wUMgTpetea1qHwlA70GxbyB7SJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:26:45:9d:31:c3:fa:30:6d:73:f7:af:8d:d7:0f:7a:a7:71:
         13:71:0c:10:9c:ff:fa:a2:d6:47:f3:df:df:ea:1e:77:24:a6:
         90:99:2b:0e:f8:1e:82:ef:7e:11:c2:c8:30:16:88:a3:fc:2e:
         dc:a4:f8:4c:98:be:c0:dc:1d:e2:2e:29:54:e8:5f:fc:1c:89:
         da:86:ae:9c:69:48:14:ea:6f:c7:5a:12:60:7b:50:4d:1e:70:
         c0:28:04:7b:f3:76:48:d2:35:cb:0e:4c:88:30:3d:f0:ab:af:
         16:f8:18:65:71:23:e6:63:7a:f4:f1:28:11:07:16:19:e4:98:
         b7:8e:06:c4:eb:66:13:9e:51:0c:e3:ab:bc:37:d7:78:ea:05:
         fb:26:2b:0c:55:91:da:d0:96:44:1b:29:e6:77:d1:87:28:6c:
         ca:33:4d:f7:9f:87:f7:b8:c8:e1:52:c6:5e:87:88:d8:99:43:
         1e:1d:0b:43:b6:38:fb:23:2a:0c:a0:1b:7c:6c:68:54:05:b6:
         27:e5:f1:42:f5:c6:10:0f:2f:c2:03:2a:c1:ff:01:d1:95:4f:
         ed:63:59:94:2b:7f:e0:eb:bf:f0:1f:06:95:67:96:ab:fe:dc:
         6b:83:43:e5:ca:c9:e2:69:bd:26:2c:cc:f7:61:92:f0:25:2e:
         15:ed:17:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmAZAXg9DkFCoeaQeGwD2XgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNDMyMDRlOTdhZDc5YWQ2YTFmMDk0MGVmNDFiMTZmMjA3
YjQ4OWQwHhcNMjUwOTI1MTAyMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM4YTQ3YzY5ZmExNjk0MmE4NjFkMDM0YTVlNjNiMmZjMjZjMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH/SYnTbrQhv/Dpm67E+6WjOypNs
EFw7AAdnCvMF13vjubh3pxGIfVfVVD0ryzPgO0FQOAJVnrVUIRcEv0aicP6s1nwf
7eLCxFuvHuJ2HJXPfSmDRuSDGfMmWtmgLf/PaVij62KXsSKidw1u6rx8NbxokczK
uqWC8pWPjuwINd2X9/AN5C7LRXmHgO5316B+VhvkvbMQCYzX+RA69Ls/BKPkQ9Bf
ykdHC79v6hQP0Gsx3MJrZmrsNGHDHrchooBrmmeCQHDS4vmj1DaFlGe/KYNuBOqZ
0OVtW78yuiALDfBbGX89ogWd/zuD1ko4GhQiPACofcvsDem7ipX7OpaIBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbIpHxp+haUKoYdA0peY7L8JsIlMB8GA1UdIwQY
MBaAFMFDIE6XrXmtah8JQO9BsW8ge0idMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1VNZ1RwZXRlYTFxSHdsQTcwR3hieUI3U0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9iMDE0NGUtOWYzMC00ZjlmLWE4N2Yt
ZDI5YTVkOTE4ZmQ4LzEvcHNpa2ZHbjZGcFFxaGgwRFNsNWpzdndtd2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9iMDE0NGUtOWYzMC00ZjlmLWE4N2YtZDI5YTVkOTE4ZmQ4
LzEvd1VNZ1RwZXRlYTFxSHdsQTcwR3hieUI3U0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ90MA0G
CSqGSIb3DQEBCwUAA4IBAQB0JkWdMcP6MG1z96+N1w96p3ETcQwQnP/6otZH89/f
6h53JKaQmSsO+B6C734RwsgwFoij/C7cpPhMmL7A3B3iLilU6F/8HInahq6caUgU
6m/HWhJge1BNHnDAKAR783ZI0jXLDkyIMD3wq68W+BhlcSPmY3r08SgRBxYZ5Ji3
jgbE62YTnlEM46u8N9d46gX7JisMVZHa0JZEGynmd9GHKGzKM033n4f3uMjhUsZe
h4jYmUMeHQtDtjj7IyoMoBt8bGhUBbYn5fFC9cYQDy/CAyrB/wHRlU/tY1mUK3/g
67/wHwaVZ5ar/txrg0Plysniab0mLMz3YZLwJS4V7Rfn
-----END CERTIFICATE-----